]>
Commit | Line | Data |
---|---|---|
2186cd8e UM |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
4d524e10 | 5 | RSA_private_encrypt, RSA_public_decrypt - low level signature operations |
2186cd8e UM |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
9 | #include <openssl/rsa.h> | |
10 | ||
e9b77246 BB |
11 | int RSA_private_encrypt(int flen, unsigned char *from, |
12 | unsigned char *to, RSA *rsa, int padding); | |
2186cd8e | 13 | |
e9b77246 BB |
14 | int RSA_public_decrypt(int flen, unsigned char *from, |
15 | unsigned char *to, RSA *rsa, int padding); | |
2186cd8e UM |
16 | |
17 | =head1 DESCRIPTION | |
18 | ||
19 | These functions handle RSA signatures at a low level. | |
20 | ||
21 | RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a | |
22 | message digest with an algorithm identifier) using the private key | |
23 | B<rsa> and stores the signature in B<to>. B<to> must point to | |
24 | B<RSA_size(rsa)> bytes of memory. | |
25 | ||
26 | B<padding> denotes one of the following modes: | |
27 | ||
28 | =over 4 | |
29 | ||
30 | =item RSA_PKCS1_PADDING | |
31 | ||
32 | PKCS #1 v1.5 padding. This function does not handle the | |
33 | B<algorithmIdentifier> specified in PKCS #1. When generating or | |
9b86974e | 34 | verifying PKCS #1 signatures, L<RSA_sign(3)> and L<RSA_verify(3)> should be |
2186cd8e UM |
35 | used. |
36 | ||
37 | =item RSA_NO_PADDING | |
38 | ||
39 | Raw RSA signature. This mode should I<only> be used to implement | |
40 | cryptographically sound padding modes in the application code. | |
41 | Signing user data directly with RSA is insecure. | |
42 | ||
43 | =back | |
44 | ||
2186cd8e UM |
45 | RSA_public_decrypt() recovers the message digest from the B<flen> |
46 | bytes long signature at B<from> using the signer's public key | |
47 | B<rsa>. B<to> must point to a memory section large enough to hold the | |
48 | message digest (which is smaller than B<RSA_size(rsa) - | |
49 | 11>). B<padding> is the padding mode that was used to sign the data. | |
50 | ||
51 | =head1 RETURN VALUES | |
52 | ||
53 | RSA_private_encrypt() returns the size of the signature (i.e., | |
54 | RSA_size(rsa)). RSA_public_decrypt() returns the size of the | |
55 | recovered message digest. | |
56 | ||
57 | On error, -1 is returned; the error codes can be | |
9b86974e | 58 | obtained by L<ERR_get_error(3)>. |
2186cd8e UM |
59 | |
60 | =head1 SEE ALSO | |
61 | ||
53934822 | 62 | L<ERR_get_error(3)>, |
9b86974e | 63 | L<RSA_sign(3)>, L<RSA_verify(3)> |
2186cd8e | 64 | |
e2f92610 RS |
65 | =head1 COPYRIGHT |
66 | ||
67 | Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. | |
68 | ||
4746f25a | 69 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
70 | this file except in compliance with the License. You can obtain a copy |
71 | in the file LICENSE in the source distribution or at | |
72 | L<https://www.openssl.org/source/license.html>. | |
73 | ||
74 | =cut |